在进行RAC安装时,无密码的SSH配置是一项强制性的安装需求,用来在安装期间配置集群成员节点,并且在安装后,SSH由配置助手、OEM、OPatch和其他特性使用。
自动配置的无密码的SSH在集群的所有节点上使用OUI创建RSA密钥,如果由于系统限制无法自动配置,则需要手动配置SSH,例如使用DSA,本篇则演示手动配置无密码的SSH。
1、检查系统已存在的SSH配置
--查看SSH是否正在运行,使用如下命令:
[grid@strong ~]$ pgrep sshd --出现值表示进程正在运行
2242
10574
[grid@strong ~]$ ll -a .ssh
ls: cannot access .ssh: No such file or directory --表示ssh目录不存在2、在所有节点配置SSH
--创建ssh目录
[grid@strong ~]$ mkdir .ssh
--权限必须设为700
[grid@strong ~]$ chmod -R 700 .ssh/
--生成DSA
[grid@strong .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
36:72:a5:f8:ae:01:63:94:fd:4e:83:ef:e1:aa:10:c3 grid@strong.oracle.com
The key's randomart image is:
+--[ DSA 1024]----+
| |
| o |
| o . . |
| . . + o |
| E + + S |
| + o O o |
| . . = |
| . = . |
| ..oo+ |
+-----------------+
[grid@strong .ssh]$
--将DSA Key添加到authorized_keys文件
[grid@strong .ssh]$ cat id_dsa.pub >> authorized_keys
[grid@strong .ssh]$ ll
total 12
-rw-r--r--. 1 grid oinstall 612 Apr 5 15:56 authorized_keys
-rw-------. 1 grid oinstall 668 Apr 5 15:51 id_dsa
-rw-r--r--. 1 grid oinstall 612 Apr 5 15:51 id_dsa.pub
--将authorized_keys拷贝至node2节点
[grid@strong .ssh]$ scp authorized_keys node2:/home/grid/.ssh/
The authenticity of host 'node2 (192.168.1.113)' can't be established.
RSA key fingerprint is 08:7b:57:bc:d6:8d:b9:2c:f0:a0:55:d2:ff:6c:22:b1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.1.113' (RSA) to the list of known hosts.
grid@node2's password:
authorized_keys 100% 612 0.6KB/s 00:00
[grid@strong .ssh]$
--将节点Node2的DSA key加至authorized_keys文件
[grid@strong .ssh]$ ssh node2
Last login: Thu Apr 5 12:17:37 2018 from strong
[grid@node2 ~]$ cat .ssh/id_dsa.pub >> .ssh/authorized_keys
[grid@node2 ~]$
--查看authorized_keys文件内容
[grid@node2 ~]$ more .ssh/authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAI7Mw5Oq05kyy7C7gnPMVpA4RmJQFxZbQLQw2sIQhtvjob22tBzZwlCxPie16Lz99qdx7AUL2xqgP8GsB4D+9Vv/WyQmwxx1FRpiYA+/PKyn6YEzS/t3Ng2zv2PckWdywUG/Ju5ZNuzds5EEl+ATJhStxxKUTaJU1xQ
sH7wQyh2ZAAAAFQDdaW+vFoAyb42ATSWOHaFIOJ6r5QAAAIBKtmgLLaY0ALsgxnDHcBtYp6nnXVPL16J1+mdPy1XEWRTkpCzRsh8h8PsCNUNYXsV4alFOctjLJpWTRSCCFlPqxSvP7nPaQInQ/Q89gfAxJWlXZPvIf228hBsU9v4DTyAwXbkdVZuLucqJGy
Ktgo8IZjIZsSAuuR/mcswZmD8fnAAAAIAf2R6pc0jn71iYeDNPMQGtUmlY0NO871BigH2jPkiAEvIkDBkN4BY4SC2VuBKcaP+6QwSMG6dBWV5NTxO7AlW3uk5fcVDZKvZc2cMnsADThqOSlu5PTV6CKNu+X2J4Lcq8BR3yOrj6FOBN3WIPGuQaRYMMpwtbZ
zNDvr+G4w3otw== grid@strong.oracle.com
ssh-dss AAAAB3NzaC1kc3MAAACBAN/iRyAIQsg1+PvCtgKuHcr/jfTDoCgrbyNKaGtNDOKz/TtCzUslb9RYM2vzUrg3/ug/1oYmYd6apFxMDIN1SF+wS5c1Od5+dLYr/N8onc9/oVl9eSoH28ObhpEtG8pBmQVAMMqhOoSBeCEo1iAPjgXX0qNlURW3yXY
4pN87y3L9AAAAFQCrbYjJZp3dWo6JANUP7YzyncdbSQAAAIBnzn8EyZl6auXCjMn5o3UgClbbslwqXHF4/BG4xM3lGfDjfZuuH4cUBxhpxBJMMRwIXvvykGHR+RMG+OevUtELsNGDG53SZG1z4wwsT92q+WZ/ilS2FrOLbTbqxlgQqbwWR6nnS/H5ofQoKm
qjJ87NtAbKKJdT1JnZ8AWZDaMWaAAAAIEAn6R0McOZd1bIIFY7PuJ4cBO8BbgmDsLdO15B9Tzq2zxfd3HJi93GlsIbvK4ivdkGgfxpb9e7ZgotVoodAKODXuCdLOGClZVeObBj+G3mX5YXejIkbH3bMvcCVlZ4cqqwqKZAYCKMQ6lrGeBEAq3qbv1z0Ccv9
W8w40HtzWMSMyk= grid@node2.oracle.com
[grid@node2 ~]$
--将所有节点的DSA Key加至authorized_keys后,再将其拷贝至所有节点
[grid@node2 ~]$ scp .ssh/authorized_keys strong:/home/grid/.ssh/
The authenticity of host 'strong (192.168.1.115)' can't be established.
RSA key fingerprint is 08:7b:57:bc:d6:8d:b9:2c:f0:a0:55:d2:ff:6c:22:b1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'strong,192.168.1.115' (RSA) to the list of known hosts.
grid@strong's password:
authorized_keys 100% 1223 1.2KB/s 00:00
[grid@node2 ~]$3、在集群节点激活SSH用户等效性
--在所有节点执行,包括自己
[grid@node2 ~]$ ssh node2 date
The authenticity of host 'node2 (192.168.1.113)' can't be established.
RSA key fingerprint is 08:7b:57:bc:d6:8d:b9:2c:f0:a0:55:d2:ff:6c:22:b1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.1.113' (RSA) to the list of known hosts.
Thu Apr 5 12:58:47 CST 2018
[grid@node2 ~]$ ssh strong date
Thu Apr 5 16:00:23 CST 2018
--上述过程结束后,主机名被注册到known_hosts文件
[grid@strong .ssh]$ ll known_hosts
-rw-r--r--. 1 grid oinstall 803 Apr 5 16:01 known_hosts
--检查SSH用户等效性,不必输入密码
[grid@strong .ssh]$ ssh strong date
Thu Apr 5 16:02:27 CST 2018
[grid@strong .ssh]$ ssh node2 date
Thu Apr 5 13:01:05 CST 2018